Apple bounties, DARPA bots, and 'Hackers for Hillary'
Greetings from Las Vegas, where Black Hat and Defcon, the world’s biggest code cracking confabs, took place this week. If you tried to contact me, our communications were probably intercepted. Oh well.
Some highlights from the desert:
Attendees witnessed the world’s impending cybernetic future Thursday evening as seven supercomputers exchanged virtual blows, each vying to win a first-of-its-kind autonomous hacking competition hosted by DARPA, the military’s futuristic research arm. The machine melee signaled a coming, if nascent, age of “self-driving” cyber defense. (Congrats to Carnegie Mellon’s team Mayhem, whose AI took home the $2 million grand prize—and the glory!)
Ivan Krstić, head of security engineering at Apple, took the stage at Black Hat earlier that same day to unveil—at long last—the company’s first-ever bug bounty program. Beginning in September, the tech giant is inviting a curated set of hackers to find and report vulnerabilities in its code for rewards as high as $200,000. Though the payouts are greater than just about any other bug bounty program, exploits sold on grayer markets can reach the million-dollar range.
Jeff Moss, founder of Black Hat and Defcon, cohosted a fundraiser for Hillary Clinton in a cramped Mexican restaurant at the Mandalay Bay hotel on Wednesday night. Beneath the din of mariachi music, the shaggy-haired figurehead within the hacking community told me he had more hope that Clinton would protect Internet freedoms than Donald Trump—despite the Democratic candidate’s wishy-washy stance on encryption.
While wandering about the showroom floor, I encountered a surprising recruiter wedged between Cisco, PayPal, and Raytheon’s Forcepoint: Snapchat. The ephemeral messaging firm is apparently staffing up its security team. Unfortunately, a booth attendant shooed this reporter away and refused to answer questions about the company’s presence. Worth noting: if Snapchat wants to lock down its intellectual property, it’s probably too late for that.
Okay, that’s my recap. Defcon is still underway, but I’m headed back to the east coast to catch a graduation party for a younger cousin. I look forward to connecting to the Wi-Fi network in my own home, where fewer hackers and eavesdroppers lurk (I hope).
Have a great weekend, readers. More below.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Apple: hacks wanted. The colossus of Cupertino finally caved and hopped on the bug bounty bandwagon like tech giants Facebook, Google, and Microsoft before it. The company announced an invite-only program that will launch in September. Apple said it will pay as much as $200,000 for reports of flawed code—higher than most other programs. (Fortune)
Rock ’em sock ’em robots. A DARPA-sponsored fully autonomous capture the flag tournament concluded this week with Carnegie Mellon University’s ForAllSecure team taking home the gold. The champion machine, dubbed “Mayhem,” beat out six others in a virtual competition to find and patch software vulnerabilities without human help. (Wired)
Symantec soars. The cybersecurity firm’s stock price popped 5% after the company reported better-than-expected revenue on Thursday. The news reflects well upon Symantec’s strategy of deemphasizing consumer antivirus software in favor of enterprise security products. (Fortune)
FireEye flails. The company reported worse-than-expected revenue and marked down its forecasts for the year, blaming losses on a lower incidence of sophisticated cyberattacks affecting clientele. Still aiming to become profitable next year, the firm said it planned to lay off between 300 and 400 of its 3,400-person workforce. (Fortune)
By the way, in the last year suspected Iranian hackers breached more than a dozen user accounts on Telegram, a popular encrypted chat app. Worryingly, the attackers also appear to have accessed 15 million people’s phone numbers.
Fortune’s Jen Wieczner explains why cybersecurity firm FireEye took such a big buzzcut in the stock market this week.
FireEye’s stock plummeted as much as 17% Friday after it missed its earnings targets. But the cybersecurity company offered an excuse that may be a silver lining: Hacks are getting smaller and easier to deal with. Read the rest on Fortune.com.
Here’s How Much Your Social Security Number Is Worth on the Dark Web by Don Reisinger
Credit Card Chips Have a Crucial Security Flaw by Lucinda Shen
Facebook Shuts Down Live Stream of Shooting at Police Request by Mathew Ingram
Google Calls Out Sleazy ‘Ooze’ Software by Robert Hackett
ONE MORE THING
Could ears become the new fingerprints? Biometric earbuds aim to identify people through the way that sound waves bounce around inside their acoustic cavities. This authentication method could be harder for a fraudster to outsmart or steal than a fingerprint, which people leave on surfaces everywhere. (Nautilus)